• PHP Help Upgrading PHP

  • Variable is not being successfully passed between ".php" page and ".inc" pages!

My php page doesn't seem to be successfully passing variable between ".php" page and ".inc" page. The php script page was working until my web host upgraded from php 4 to php 5. All of a sudden, my script no longer worked. Am I missing something obvious? I am not a very sophisticated php user so please provide a php for dummies type answer. Any help would be appreciated.

Here is my php script page.

<?php

include ("mike.inc");

session_start();

session_register('username','password');

// GAIN ACCESS
if (isset($HTTP_POST_VARS['gainaccess']))
{
// Connect to the database server
$connection = mysql_connect($host,$user,$databasepassword)
or die ("couldn't connect to database server");

			// Connect to MYSQL		
			$db = mysql_select_db($database,$connection)		
			or die ("Couldn't select database");		

			// Here is where we check to see if the username and password are in the database		
			$sql = "SELECT username FROM authorization WHERE (username='$username' and password = '$password' and eventauth = 'yes')";		
			$result = mysql_query($sql)		
			or die ("Couldn't execute query.");		
			$num = mysql_numrows($result);		
			if ($num < 1)		
				{	
					$sql = "SELECT username FROM authorization WHERE username='$username' and password = '$password'";
					$result = mysql_query($sql)
					or die ("Couldn't execute query.");
					$num = mysql_numrows($result);			
					if ($num < 1)			
						{		
							$sql = "SELECT username FROM authorization WHERE username='$username'";	
							$result = mysql_query($sql)	
							or die ("Couldn't execute query.");	
							$num = mysql_numrows($result);	
							if ($num < 1)	
								{
							$message1 = "The username you provided, '$username', is not authorized to send the current issue of BlackNYC to the BlackNYC subscriber base. Thanks.";	
							include ("eventdebug.inc");	
								}
							else	
								{
								$message1 = "The password you entered does not match the username you supplied.";
							include ("eventdebug.inc");	
								}
						}		
					else			
						{		
							$message1 = "The username you entered is not authorized to update the BlackNYC event database.";	
							include ("eventdebug.inc");	
						}		
				}				
			else					
				{			

					include ("eventdebug.inc");	
				}		

}

else

{		
	include ("eventdebug.inc");	
}

?>

    Most likely register_globals is OFF and it used to be ON.

      Thanks HalfaBee. How do I turn register_globals on? Can I do this if my site is being hosted by a web host?

        If you can use php.ini just change the values, it all depends on how your host is setup.

        or you can put extract[$_POST'] at the top of your script.

        Note: You should do some input cleansing before putting the variables into mysql queries to avoid SQL injection.

          It may be better to just take some time to convert the incoming variables to be elements of the corresponding superglobal arrays ($GET, $POST, $COOKIE, $SESSION, etc). You are not checking for all of the incoming variables anyway, and need to escape them before use in the SQL statements.

            laserlight wrote:

            It may be better to just take some time to convert the incoming variables to be elements of the corresponding superglobal arrays ($GET, $POST, $COOKIE, $SESSION, etc).

            It would make sense to replace $HTTP_POST_VARS and the like at the same time; both for consistency and due to the fact that these variables are effectively deprecated and will be gone from a future version of PHP.

              Write a Reply...